17:12 <jdstrand> #startmeeting
17:12 <meetingology> Meeting started Mon Jan 12 17:12:45 2015 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
17:12 <meetingology> 
17:12 <meetingology> Available commands: action commands idea info link nick
17:12 <jdstrand> The meeting agenda can be found at:
17:12 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
17:12 <jdstrand> [TOPIC] Announcements
17:13 <jdstrand> Lev Lazinskiy (levlaz) provided a debdiff for precise for nginx (LP: #1370478). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
17:13 <ubottu> Launchpad bug 1370478 in nginx (Ubuntu Utopic) "[CVE-2014-3616] "possible to reuse cached SSL sessions in unrelated contexts"" [Undecided,Fix released] https://launchpad.net/bugs/1370478
17:13 <jdstrand> [TOPIC] Weekly stand-up report
17:13 <jdstrand> I'll go first
17:13 <jdstrand> I'm on triage this week
17:13 <chrisccoulson> hi
17:13 <jdstrand> I have some stuff to look at regarding snappy for this week
17:13 <jdstrand> and need to get to my pending updates
17:14 <jdstrand> mdeslaur: you're up
17:14 <mdeslaur> I'm on community this week
17:14 <mdeslaur> I'm currently testing openssl which should go out in a few minutes
17:14 <mdeslaur> I also have an embargoed issue to look at
17:14 <mdeslaur> and have a bunch of other pending CVE updates I'm working on
17:14 <mdeslaur> that's it for me, sbeattie
17:15 * mdeslaur pokes sbeattie with stick
17:16 <jdstrand> perhaps go to tyhicks and circle back around to sbeattie?
17:17 <tyhicks> I'm currently working on git updates
17:17 <tyhicks> the precise backport was failing the in-tree tests but I think I've just identified the problem so they should be going out today or tomorrow
17:17 <tyhicks> then I plan on helping out wherever possible with bug #1408106
17:17 <ubottu> bug 1408106 in AppArmor "attach_disconnected not sufficient for overlayfs" [Critical,In progress] https://launchpad.net/bugs/1408106
17:18 <jdstrand> tyhicks: where are we on that dbus apparmor bug?
17:18 <tyhicks> jdstrand: that's next on my list :)
17:18 <jdstrand> ah ok
17:19 <tyhicks> jdstrand: I haven't been able to look at it in some time
17:19 <tyhicks> but I expect to spend most of my time this week on bug #1362469
17:19 <ubottu> bug 1362469 in dbus (Ubuntu) "AppArmor unrequested reply protection generates unallowable denials" [Medium,In progress] https://launchpad.net/bugs/1362469
17:19 <tyhicks> that's it for me
17:19 * sbeattie is here
17:19 <jdstrand> not meaning to rush or reprioritize it. it came up in a meeting today that we'll likely be looking at moving rtm branch to vivid in the coming couple/few months
17:20 <jdstrand> tyhicks: ^
17:20 <tyhicks> jdstrand: yep, I need to get it fixed and then post the latest set of revisions to the upstream dbus bug
17:20 <jdstrand> cool, thanks
17:20 <tyhicks> so there are two good reasons to get it fixed asap
17:20 <tyhicks> go ahead, sbeattie
17:20 <jdstrand> (that's it from me-- sbeattie and then jjohansen?)
17:20 <sbeattie> I have a set of yaml updates to go out later today.
17:21 <sbeattie> I have some upstream apparmor patches to review
17:21 <sbeattie> I need to get the pie stuff back on the front burner
17:21 <sbeattie> I'll also probably pick up the binutils update to work on in the background
17:22 <sbeattie> Sorry, I'm also expecting to work on bug 1408106 as needed as well.
17:22 <ubottu> bug 1408106 in AppArmor "attach_disconnected not sufficient for overlayfs" [Critical,In progress] https://launchpad.net/bugs/1408106
17:22 <sbeattie> that's it for me, jjohansen?
17:22 <jjohansen> There are a couple of things to prep for the monthly apparmor meeting, some outstanding apparmor patches to finish reviewing, finish up the work on Bug #1408833, some work with tyhicks on the interaction of overlayfs and apparmor (as mentioned already Bug #1408106), and of course continuing the apparmor upstreaming work.
17:22 <ubottu> bug 1408833 in AppArmor "broken postinst test for uvtool-libvirt on utopic" [Undecided,Confirmed] https://launchpad.net/bugs/1408833
17:24 <jjohansen> thats it for me, sarnold
17:25 <sarnold> I'm in the happy place this week; I'm working on an update to coreutils, and there are five packages needing MIR auditing -- I probably can't get to all of them this week unless several of them are smaller than I expect
17:25 <sarnold> thanks to those filing early MIR requests :) much appreciated
17:26 <sarnold> that's it for me, chrisccoulson
17:26 <jdstrand> sarnold: fyi, I assigned one more to you today
17:26 <chrisccoulson> it's mozilla updates for me this week
17:26 <jdstrand> oh, I didn't try the new firefox yet
17:27 <chrisccoulson> I'm fixing a build failure (armhf) at the moment
17:27 <tyhicks> I thought chrisccoulson wanted us to do that tomorrow
17:27 <jdstrand> I thought by tomorrow
17:27 <tyhicks> ah
17:27 <chrisccoulson> other than mozilla updates, I'm working on bug 1377198 which fixes some weird behaviour in an API that the browser is using
17:27 <sbeattie> chrisccoulson: I'm running the new firefox, not seeing issues.
17:28 <ubottu> bug 1377198 in Oxide "CertificateError is not cancelled if you stop the pending navigation" [High,Triaged] https://launchpad.net/bugs/1377198
17:28 <chrisccoulson> excellent, thanks
17:28 <chrisccoulson> I think that's me done
17:29 <jdstrand> [TOPIC] Highlighted packages
17:30 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
17:30 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:30 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-4.9-powerpc-cross.html
17:30 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ldap-account-manager.html
17:30 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/bfgminer.html
17:30 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ganeti.html
17:30 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/rawstudio.html
17:30 <jdstrand> [TOPIC] Miscellaneous and Questions
17:30 <jdstrand> Does anyone have any other questions or items to discuss?
17:31 <tyhicks> I've got one for jjohansen, sarnold, and sbeattie regarding the libapparmor patches waiting for review
17:31 <tyhicks> how can I help the review process there?
17:31 <jjohansen> tyhicks: can you please provide 48h to my day
17:31 <tyhicks> would it help if I wrote up a man page for the new functions?
17:32 <tyhicks> jjohansen: :)
17:32 <jjohansen> tyhicks: no, its just spending the time to give them a proper review
17:32 <tyhicks> I need to write a man page before release, anyways, so it might help show the "bigger picture" during review
17:33 <tyhicks> jjohansen: ack - I figured that was the bottleneck but wanted to make sure there was nothing else I could do
17:33 <jjohansen> tyhicks: I would suggest holding off on that, I already have nacks on some of it
17:33 <tyhicks> ok
17:33 <sarnold> tyhicks: sorry, I was daunted by just how many patches are still outstanding..
17:33 <tyhicks> (please send out nacks asap so I can start on new revisions)
17:34 <tyhicks> jdstrand: that's all that I had
17:34 <jjohansen> sarnold: he was just trying to make sure you would have your fill over the christmas break
17:34 <jjohansen> tyhicks: ack
17:35 <sarnold> jjohansen: no fear there, it was an impressive patch dump :)
17:36 <jjohansen> sure, now /me has to give sarnold an even bigger patch dump to keep him happy
17:36 <sarnold> :)
17:38 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, chrisccoulson: thanks!
17:38 <jdstrand> #endmeeting